1. Symantec/
  2. Security Response/
  3. VipAntiSpyware

VipAntiSpyware

Updated:
April 10, 2008 10:05:41 AM
Type:
Misleading Application
Name:
VipAntiSpyware
Version:
1.0
Publisher:
VipAntiSpyware.com
Risk Impact:
Medium
Systems Affected:
Windows
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the errors.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\vipantispyware.lnk
  • %UserProfile%\Desktop\vipantispyware.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\Uninstall vipantispyware.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware on the Web.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware.lnk
  • %ProgramFiles%\vipantispyware\[CURRENT_DATE].upd
  • %ProgramFiles%\vipantispyware\alarm.wav
  • %ProgramFiles%\vipantispyware\click.wav
  • %ProgramFiles%\vipantispyware\config.cfg
  • %ProgramFiles%\vipantispyware\dbinfo
  • %ProgramFiles%\vipantispyware\dll\def2.base
  • %ProgramFiles%\vipantispyware\dll\defbase0.db
  • %ProgramFiles%\vipantispyware\dll\defbase1.db
  • %ProgramFiles%\vipantispyware\dll\defbase2.db
  • %ProgramFiles%\vipantispyware\dll\defbase3.db
  • %ProgramFiles%\vipantispyware\dll\defbase4.db
  • %ProgramFiles%\vipantispyware\dll\defbase5.db
  • %ProgramFiles%\vipantispyware\dll\defbase6.db
  • %ProgramFiles%\vipantispyware\dll\defbase7.db
  • %ProgramFiles%\vipantispyware\dll\defbase8.db
  • %ProgramFiles%\vipantispyware\dll\immunization.pl
  • %ProgramFiles%\vipantispyware\dll\license
  • %ProgramFiles%\vipantispyware\dll\sig2.base
  • %ProgramFiles%\vipantispyware\dll\sigrules.rul
  • %ProgramFiles%\vipantispyware\dll\update.scr
  • %ProgramFiles%\vipantispyware\success.wav
  • %ProgramFiles%\vipantispyware\unins000.dat
  • %ProgramFiles%\vipantispyware\unins000.exe
  • %ProgramFiles%\vipantispyware\vipantispyware.exe
  • %ProgramFiles%\vipantispyware\vipantispyware.url
  • %SystemRoot%\winxplogon.sys


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"vipantispyware" = "C:\Program Files\vipantispyware\vipantispyware.exe"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\vipantispyware
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VipAntispyware_is1
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube